#
# koji-hub is an xmlrpc interface to the Koji database
#

Alias /kojihub /usr/share/koji-hub/kojixmlrpc.py

<Directory "/usr/share/koji-hub">
    Options ExecCGI
    SetHandler wsgi-script
    WSGIApplicationGroup %{GLOBAL}
    # ^ works around a hub issue with OpenSSL
    # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine
    WSGIScriptReloading Off
    # ^ reloading breaks hub "firstcall" check
    # see: https://pagure.io/koji/issue/875
    <IfVersion < 2.4>
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</Directory>

# Also serve {{ koji_mount }}
Alias /kojifiles "{{ koji_mount }}/"

<Directory "{{ koji_mount }}/">
    #Options Indexes SymLinksIfOwnerMatch
    #If your top /mnt/koji directory is not owned by the httpd user, then
    #you will need to follow all symlinks instead, e.g.
    Options Indexes FollowSymLinks
    AllowOverride None
    IndexOptions +NameWidth=*
    <IfVersion < 2.4>
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</Directory>

# uncomment this to enable authentication via GSSAPI
<Location /kojihub/ssllogin>
        AuthType GSSAPI
        AuthName "GSSAPI Single Sign On Login"
        GssapiCredStore keytab:{{ koji_web_keytab }}
        Require valid-user
</Location>
